<?php
if(!defined('IN_MANU')){ 
	die('[ERROR] You cannot load this page directly !!!');
}

class RoleManager 
{
	private $db = null;
	
	function __construct($db)
	{
		$this->db = $db;
	}
	public function editRole($nameRole = null, $password = null, $newpassword = null) {
		if ($password == "1") {
			if ($newpassword != "") {
				//change password
				$query2 = "ALTER ROLE ".$nameRole." IDENTIFIED BY ".$newpassword;
				$res = $this->db->dbQuery($query2);
				
			}
		}
		$_SESSION['message'] = 'editsuccess';
	}
	public function addRole($user= null, $pass = null,$nameRole = null, $password = null) {
		$query2 = "CREATE ROLE ".$nameRole;
		if ($password != null) {
			$query2 .= " IDENTIFIED BY ".$password;
		}
		try {
			$this->db->closeConnection();
			$this->db->startConnectionWith($user, $pass);
			$res = $this->db->dbQuery($query2);
			$this->db->closeConnection();
			$this->db->startConnection();
			if (!$res) {
				throw new Exception("haha");
			}
		}
		catch (Exception $e) {
			return $e;
		}
		if ($res == false) {
			$_SESSION['message'] = 'error';
		}
		else {
			$_SESSION['message'] = 'addsuccess';
		}
	}
	public function checkCreateRole(){
		$userName  = $this->db->get('userManager')->getCurrentUser();
		$query1 = 'select * from dba_sys_privs where grantee = '. var_export(strtoupper($userName), true).  " and privilege = 'CREATE ROLE'";
		$res1 = $this->db->getData($query1, 'user');
		$query2 = 'select * from dba_role_privs where grantee = '.var_export(strtoupper($userName), true). " and granted_role = 'DBA'";
		$res2 = $this->db->getData($query2, 'user');
		if(count($res1) == 0 && count($res2) == 0)
			return false;
		else 
			return true;
	}
	public function editGrantRole($nameRole = null, $granttorole = null, $granttouser = null, $revoke, $adminoption =null) {
		$userMan = $this->db->get('userManager');
		$user = $userMan->getCurrentUser();
		$pass = $userMan->getPassOfCurrentUser();
		$this->db->closeConnection();
		$this->db->startConnectionWith($user, $pass);
		if($granttorole != ""){
			$res3 = $query3 = "GRANT ".$nameRole." TO ".$granttorole;
			$this->db->dbQuery($query3);
		}
		if($granttouser != ""){
			$res3 = $query4 = "GRANT ".$nameRole." TO ".$granttouser;
			if ($adminoption == "1") {
				$query4.=" WITH ADMIN OPTION";
			}
			$this->db->dbQuery($query4);
		}
		if($revoke != "") {
			$res3 = $query5 = "REVOKE " . $nameRole . " FROM ".$revoke;
			$this->db->dbQuery($query5);
		}
		$this->db->closeConnection();
		$this->db->startConnection();
		
		$_SESSION['message'] = 'grantsuccess';

	}
	public function getBasicInfo($role = null)
	{
		//this query is for admin user
		//TODO:	need to modify
		$query = 'SELECT DISTINCT ROLE, PASSWORD_REQUIRED
		          FROM DBA_ROLES';
		
		$user = $this->db->get('userManager')->getCurrentUser();
		$hasDBA = $this->db->get('privilegeManager')->hasDBA($user);
		
		if ($role != null) {
			$query .= ' WHERE role = ' . var_export($role, true);
		}
		if (!$hasDBA)
			$query = 'SELECT DISTINCT ROLE, PASSWORD_REQUIRED
					  FROM DBA_ROLES
					  where role in (select distinct granted_role 
					                 from dba_role_privs 
					                 where grantee = ' . var_export(strtoupper($user), true) . ")";
		$res = $this->db->getData($query, 'role');
		
		return $res;
	}
	public function getDBA($user = null){
		$query = "select * from dba_role_privs where granted_role = 'DBA' and grantee = ". var_export(strtoupper($user), true);
		$res = $this->db->getData($query, 'privilege');
		
		return $res;
	}
	public function getRoleOfMine($user = null)
	{
		//this query is for admin user
		//TODO:	need to modify
		$dba = $this->getDBA($user);
		if(count($dba) == 0){
			$query = "SELECT DISTINCT GRANTED_ROLE, ADMIN_OPTION
		          FROM dba_role_privs 
		          WHERE grantee = ".var_export(strtoupper($user), true);	
		}else 
			$query = "SELECT DISTINCT GRANTED_ROLE
		          FROM dba_role_privs";
		
		$res = $this->db->getData($query, 'role');
		
		return $res;
	}
	
	/*
	 * @description:	Get Roles are granted to one user
	 */
	public function getRoleFrom($username)
	{
		//this query is for admin user
		$query = 'SELECT DISTINCT granted_role, admin_option
				  FROM dba_role_privs
				  WHERE grantee = ' . var_export($username, true);
		
		$res = $this->db->getData($query, 'role');
		
		return $res;
	}
	
	/*
	 * @description:	Get system privileges are granted to role
	 */
	public function getSysPrivOf($role)
	{
		$query = 'SELECT DISTINCT privilege, admin_option
				  FROM role_sys_privs
				  WHERE role = ' . var_export($role, true);
		
		$res = $this->db->getData($query, 'role');
		
		return $res;
	}
	
	/*
	* @description:	Get object privileges are granted to role
	*/
	public function getObjPrivOf($role)
	{
		$query = 'SELECT DISTINCT privilege, table_name, column_name, grantable
					  FROM role_tab_privs
					  WHERE role = ' . var_export($role, true);
	
		$res = $this->db->getData($query, 'role');
	
		return $res;
	}
	
	/*
	 * @description:	Get users are granted the role
	 */
	public function getUserOf($role)
	{
		$query = 'SELECT DISTINCT grantee, admin_option
			      FROM dba_role_privs
			      WHERE granted_role = ' . var_export($role, true);
		
		$res = $this->db->getData($query, 'role');
		
		return $res;
	}
	public function getRoleOf($role)
	{
		//$db->connection = oci_connect("system",/*pass*/ "admin");
		$query = 'SELECT DISTINCT role
			      FROM role_role_privs 
			      WHERE granted_role = ' . var_export($role, true);
		//echo var_export($role, true);
		$res = $this->db->getData($query, 'role');
		//$db->connection = oci_connect("sys",/*pass*/ "admin", null, null, OCI_SYSDBA);
		return $res;
	}
	
	/*
	 * @description:	Delete role
	 */
	public function deleteRole($role)
	{
		$query = "DROP ROLE $role";
		
		$res = $this->db->dbQuery($query);
		
		if ($res == false) {
			$_SESSION['message'] = 'error';
		}
		else {
			$_SESSION['message'] = 'delete';
		}
		
		return $res;
	}
}